Doxbin - cesk

  ____            _     _       
 |  _ \  _____  _| |__ (_)_ __  
 | | | |/ _ \ \/ / '_ \| | '_ \ 
 | |_| | (_) >  <| |_) | | | | |
 |____/ \___/_/\_\_.__/|_|_| |_|

Title:cesk

Created:Nov 30th, 2023

Created by: lucifergabriuel

Comments: 1

thumb_up0 thumb_down0

Username: Anonymous - (Login)

Submit Comment

lucifergabriuel -

1 year ago

AKCESK thecyber security albania akcesk

Please note that all posted information is publicly available and must follow our TOS.

 

██╗░░░░░██╗░░░██╗░█████╗░██╗███████╗███████╗██████╗░
██║░░░░░██║░░░██║██╔══██╗██║██╔════╝██╔════╝██╔══██╗
██║░░░░░██║░░░██║██║░░╚═╝██║█████╗░░█████╗░░██████╔╝
██║░░░░░██║░░░██║██║░░██╗██║██╔══╝░░██╔══╝░░██╔══██╗
███████╗╚██████╔╝╚█████╔╝██║██║░░░░░███████╗██║░░██║
╚══════╝░╚═════╝░░╚════╝░╚═╝╚═╝░░░░░╚══════╝╚═╝░░╚═╝

Emri e mbiemri Igli TAFA
Adresa Tiranë - Albania
Telefon + 355 682005622
E-Mail itafaj@fti.edu.al ose itafaj@gmail.com ose vasilisnastis@gmail.com
Shtetësia Shqiptare
Datëlindja 16.06.1979
Gjinia M
work as General Director and National Cyber Coordinator of AKCESK

-----------------------------------------------------------------------------------------------
https://cesk.gov.al/
┌──(kali㉿kali)-[~]
└─$ nikto -h https://cesk.gov.al  
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          134.0.43.58
+ Target Hostname:    cesk.gov.al
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=cesk.gov.al
                   Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
                   Issuer:   /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
+ Start Time:         2023-11-30 14:12:26 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.4.58 (Ubuntu)
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: Drupal Link header found with value: ARRAY(0x5625c8bc1af8). See: https://www.drupal.org/
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /40oUQoEN.: Uncommon header 'x-redirect-by' found, with contents: WordPress.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/
+ /: Web Server returns a valid response with junk HTTP methods which may cause false positives.
+ /scripts/samples/details.idc: NT ODBC Remote Compromise. See: http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc
+ /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
+ Scan terminated: 20 error(s) and 10 item(s) reported on remote host
+ End Time:           2023-11-30 14:16:00 (GMT-5) (214 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
---------------------------------------------------------------------------
5.4	CVE-2023-38000	Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.	N/A	wordpress 6.2.2
5.3	CVE-2023-5561	WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack	N/A	wordpress 6.2.2
4.3	CVE-2023-39999	Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.	N/A	wordpress 6.2.2
4.3	CVE-2018-14040	In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.	N/A	bootstrap 4.1.1
4.3	CVE-2018-14041	In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.	N/A	bootstrap 4.1.1
4.3	CVE-2018-14042	In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
-------------------------------------------------------------------------
Risk description
    These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of service attacks. An attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the system.